logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

lsm.h (2631B)

    

  1. /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2. /*
  3.  * Linux Security Modules (LSM) - User space API
  4.  *
  5.  * Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
  6.  * Copyright (C) 2022 Intel Corporation
  7.  */
  9. #ifndef _LINUX_LSM_H
  10. #define _LINUX_LSM_H
  12. #include <linux/stddef.h>
  13. #include <linux/types.h>
  14. #include <linux/unistd.h>
  16. /**
  17.  * struct lsm_ctx - LSM context information
  18.  * @id: the LSM id number, see LSM_ID_XXX
  19.  * @flags: LSM specific flags
  20.  * @len: length of the lsm_ctx struct, @ctx and any other data or padding
  21.  * @ctx_len: the size of @ctx
  22.  * @ctx: the LSM context value
  23.  *
  24.  * The @len field MUST be equal to the size of the lsm_ctx struct
  25.  * plus any additional padding and/or data placed after @ctx.
  26.  *
  27.  * In all cases @ctx_len MUST be equal to the length of @ctx.
  28.  * If @ctx is a string value it should be nul terminated with
  29.  * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
  30.  * supported.
  31.  *
  32.  * The @flags and @ctx fields SHOULD only be interpreted by the
  33.  * LSM specified by @id; they MUST be set to zero/0 when not used.
  34.  */
  35. struct lsm_ctx {
  36. 	__u64 id;
  37. 	__u64 flags;
  38. 	__u64 len;
  39. 	__u64 ctx_len;
  40. 	__u8 ctx[] __counted_by(ctx_len);
  41. };
  43. /*
  44.  * ID tokens to identify Linux Security Modules (LSMs)
  45.  *
  46.  * These token values are used to uniquely identify specific LSMs
  47.  * in the kernel as well as in the kernel's LSM userspace API.
  48.  *
  49.  * A value of zero/0 is considered undefined and should not be used
  50.  * outside the kernel. Values 1-99 are reserved for potential
  51.  * future use.
  52.  */
  53. #define LSM_ID_UNDEF		0
  54. #define LSM_ID_CAPABILITY	100
  55. #define LSM_ID_SELINUX		101
  56. #define LSM_ID_SMACK		102
  57. #define LSM_ID_TOMOYO		103
  58. #define LSM_ID_APPARMOR		104
  59. #define LSM_ID_YAMA		105
  60. #define LSM_ID_LOADPIN		106
  61. #define LSM_ID_SAFESETID	107
  62. #define LSM_ID_LOCKDOWN		108
  63. #define LSM_ID_BPF		109
  64. #define LSM_ID_LANDLOCK		110
  65. #define LSM_ID_IMA		111
  66. #define LSM_ID_EVM		112
  67. #define LSM_ID_IPE		113
  69. /*
  70.  * LSM_ATTR_XXX definitions identify different LSM attributes
  71.  * which are used in the kernel's LSM userspace API. Support
  72.  * for these attributes vary across the different LSMs. None
  73.  * are required.
  74.  *
  75.  * A value of zero/0 is considered undefined and should not be used
  76.  * outside the kernel. Values 1-99 are reserved for potential
  77.  * future use.
  78.  */
  79. #define LSM_ATTR_UNDEF		0
  80. #define LSM_ATTR_CURRENT	100
  81. #define LSM_ATTR_EXEC		101
  82. #define LSM_ATTR_FSCREATE	102
  83. #define LSM_ATTR_KEYCREATE	103
  84. #define LSM_ATTR_PREV		104
  85. #define LSM_ATTR_SOCKCREATE	105
  87. /*
  88.  * LSM_FLAG_XXX definitions identify special handling instructions
  89.  * for the API.
  90.  */
  91. #define LSM_FLAG_SINGLE	0x0001
  93. #endif /* _LINUX_LSM_H */